push to ecr

Author: rlukata

.github/workflows/publish.yml

@@ -22,17 +22,6 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-      - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
       - name: Install rust
         uses: risc0/risc0/.github/actions/rustup@main
@@ -43,29 +32,41 @@ jobs:
           cargo install cargo-binstall --version '=1.6.9' --locked
           cargo binstall cargo-risczero@1.1.1 --no-confirm --force
           cargo risczero install
+
       - name: Install Foundry
         uses: risc0/foundry-toolchain@2fe7e70b520f62368a0e3c464f997df07ede420f
+
       - name: cargo check to build ELF and image ID
         env:
           RISC0_USE_DOCKER: true
         run: cargo check
+
       - name: Delete unnecessary cache files to save disk space for docker build
         run: sudo rm -rf "/usr/local/share/boost" "$AGENT_TOOLSDIRECTORY" ./target/debug
 
-      - name: Build and push Docker image
-        id: push
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          context: .
-          file: ./dockerfiles/blobstream0.Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-      
-      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v1
+          aws-region: 'us-west-2'
+          role-to-assume: arn:aws:iam::299470750068:role/github-actions-assume-role
+
+      - name: configure federated aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true
+          aws-region: 'us-west-2'
+          role-to-assume: arn:aws:iam::559050242814:role/github-federated-actions-bonsai-services
+          role-chaining: true
+          role-skip-session-tagging: true
 
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Build, tag, and push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: bonsaiservices
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f ./dockerfiles/blobstream0.Dockerfile .
+          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG